VMware NSX® for vSphere 6.3

VMware NSX®

VMware NSX® is the network virtualization platform for the Software-Defined Data Center (SDDC), delivering the operational model of a virtual machine for entire networks. With NSX, network functions including switching, routing, and firewalling are embedded in the hypervisor and distributed across the environment.

The key benefits of NSX include:

Micro-segmentation and granular security delivered to the individual workload

Reduced network provisioning time from days to seconds and improved operational efficiency through automation

Workload mobility independent of physical network topology within and across data centers

Enhanced security and advanced networking services through an ecosystem of leading third-party vendors

Micro-Segmentation

NSX enables organizations to divide the data center into distinct security segments logically, down to the level of the individual workload – irrespective of the workload’s network subnet or VLAN. IT teams can then define security policies and controls for each workload based on dynamic security groups, which ensures immediate responses to threats inside the data center and enforcement down to the individual virtual machine. Unlike in traditional networks, if an attacker gets through data center perimeter defenses, threats can’t move laterally within the data center.

Key NSX Security Features

NSX Distributed Firewall

NSX Distributed Firewall is a hypervisor kernel-embedded firewall that provides visibility and control for virtualized workloads and networks. The Distributed Firewall enables policies based on VMware vCenter objects like datacenters and clusters, virtual machine names and tags, network constructs such as IP/VLAN/VXLAN addresses, as well as user group identity from Active Directory. Consistent security policies are enforced when a virtual machine gets vMotioned across physical hosts without the need to rewrite firewall rules. Since the Distributed Firewall is hypervisor kernel-embedded, it can deliver up to 20Gbps of firewall capacity per hypervisor host. The distributed nature of the firewall provides a scale-out architecture that automatically extends firewall capacity when additional hosts are added to a datacenter. In addition, integration with third-party partners in a wide variety of categories such as Next-Generation Firewall, IPS/IDS and agentless antivirus enables additional security control.

NSX Edge Services Gateway (ESG)

The NSX Edge gateway provides services such as North-South firewalling, NAT, DHCP, VPN, load balancing and high availability. Internal interfaces connect to secured port groups and act as the gateway for all protected virtual machines in the port group. Uplink interfaces of ESGs connect to uplink port groups that have access to a shared corporate network or a service that provides access layer networking. Firewall rules and other NSX Edge services are enforced on traffic between network interfaces.

Application Rule Manager and Endpoint Monitoring

NSX Application Rule Manager simplifies the way you create security groups and firewall rules for applications based on their real-time network traffic flows. NSX Endpoint Monitoring enables you to profile applications inside the guest including visibility into specific application processes and their associated network connections. Used together, you have end-to-end visibility of your applications and simplified firewall rule creation to help operationalize micro-segmentation even faster and more effectively than ever before.